VPN Setup on a Firebox X55e

This is what I have:
1: Laptop with mobile broadband
2: Win 2003 server with Watchguard Firebox X55e

This is what i want to do:
1: Connect my laptop to my win 2003 server using a VPN tunnel

This is what I need help with:
1: Choose type of VPN connection, MUVPN maybe?
2: Make the correct settings for this.
3: Make the connection

I have tried this:
1: Created a new user under Firebox Users
2: Enable MUVPN for this account.
3: Downloaded the .wgx file and imported that in "WatchGuard Mobile VPN" software
4: Tried to connect, but got the error: Lost connect to peer phase 1 error

I have looked in the profile but I'm not sure about the settings in the profile.
For example, in my case what type of connection medium should I choose?
and so on...

So I really need some help with this guys.

1: Choose type of VPN connection, MUVPN maybe?
2: Make the correct settings for this.
3: Make the connection

In your scenario, there are three options by which you can configure VPN:

MUVPN:
Create user on X55e, click the MUVPN tab; make sure that Enable MUVPN for this account check box is selected and VPN client type is Mobile User, I think you have already configured all this.
As phase I is failing, it means that the remote computer is not able to communicate with the X55 for VPN negotiations; make sure that you are using different internet connections and that the machine is not connected to the X55 when you attempt VPN.

X55 acting as PPTP server:
With the new firmware ver 8.6, Edge boxes can act as PPTP Server, for this you need not install any client on the remote machines, they would be able to establish VPN using windows Network Connection; you would need to add a VPN connection through the windows wizard.
For this when you add a user on X55, under Settings tab, select the Allow remote access with PPTP check box.

As you also have a win2003 server, you can configure the server to act as PPTP server:
Configure Routing and remote access on win2003 server, on X55 you would need to create a service to allow incoming traffic on TCP port 1723 and allow GRE protocol.

Please advise which method you would wish to connect, we can work on any method or troubleshoot as the need be.

It appears that the IPSec traffic is not coming to the box at all; can you change
Allow remote access with PPTP: False
to true;
and then make a VPN connection by going to Windows Network Connections; New Connection; connect to office or Virtual private network; give some name; specify public IP of your device; after finishing wizard, specify username/password as defined when creating the user and check if you are able to connect.

Please note the password or shared key should be at least 8 characters in length.

Please note we are trying to connect using PPTP for which we do not need MUVPN client, please configure windows network connection as I advised in my last post and see if you are able to VPN; if yes, then you can uninstall the MUVPN software from the client machine.

No, HTTP proxy rules would not interfere with the incoming VPN traffic, either PPTP or IPSec; looking at all the error messages you are getting it appears to me that your ISP is specifically blocking VPN traffic, please touch base with them about the issue. The port and protocol we need for VPN traffic are:


I don't know what exactly the problem was. What I did was:
1: I opened the ports in my software firewall
2: Created a new profile in Firebox users
3: Picked a virtual IP address that was not in my DHCP server range
4: I also activated the PPTP for mobile user
5: Imported the new .wgx file to Watchguard
6: I had to add the shared secret in the Identities tab

I will test the connection again outside our own network and see if it works there, and also using the Microsoft VPN connection via PPTP.

I will get back to you after I have tested the connection and tell you if it works outside too.

So maybe it was my software firewall that made all the problems. Talk to you later.

Instead of using names, use IP and check results; if you are able to access shares with IP then for name resolution we either modify the hosts file on the remote machine or we can use DNS/WINS server (if you already have configured on the internal network).

What is the subnet address of the network behind d-link; if it is same as WG subnet : 192.168.0.0/24; then you would need to change subnet at one of the ends.
It would be easy to change the LAN address on d-link if you are using DHCP as in that case you would need to reconfigure anything on WG.

Please note as WG is acting as VPN server there are no settings which need be done on any machine behind WG; only thing to make sure is that the machine behind WG do not have firewall which blocks all traffic (including windows firewall); and they have shares which can be accessed from other machines.
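The two addressing conditions raised in this thread (the remote LAN must not share a subnet with the WG trusted network, and the mobile user's virtual IP must sit outside the DHCP range) can be checked before connecting. This is an added example, not part of the original posts; the function names, the DHCP range and the virtual IP values are constructed for illustration, and only 192.168.0.0/24 comes from the thread.

```python
import ipaddress


def addressing_conflicts(remote_lan, office_lan, virtual_ip, dhcp_first, dhcp_last):
    """Return the addressing problems that would break the mobile VPN."""
    # strict=False lets a host address such as 192.168.0.10/24 stand for its subnet.
    remote = ipaddress.ip_network(remote_lan, strict=False)
    office = ipaddress.ip_network(office_lan, strict=False)
    vip = ipaddress.ip_address(virtual_ip)
    lo = ipaddress.ip_address(dhcp_first)
    hi = ipaddress.ip_address(dhcp_last)

    problems = []
    # Same subnet on both ends: the client treats office hosts as local
    # and never sends their traffic into the tunnel.
    if remote.overlaps(office):
        problems.append("subnet-overlap")
    # A virtual IP inside the DHCP range can be handed to another machine.
    if lo <= vip <= hi:
        problems.append("virtual-ip-in-dhcp-range")
    return problems


def suggest_remote_lan(office_lan, pool="192.168.0.0/16", prefix=24):
    """Pick the first subnet in the private pool that avoids the office LAN."""
    office = ipaddress.ip_network(office_lan, strict=False)
    for candidate in ipaddress.ip_network(pool).subnets(new_prefix=prefix):
        if not candidate.overlaps(office):
            return str(candidate)
    return None  # office LAN covers the whole pool


if __name__ == "__main__":
    # Constructed sample: laptop behind a router using the same /24 as the WG.
    issues = addressing_conflicts(
        "192.168.0.10/24", "192.168.0.0/24",
        "192.168.0.150", "192.168.0.100", "192.168.0.200",
    )
    print("conflicts:", issues)
    if "subnet-overlap" in issues:
        print("renumber remote LAN to:", suggest_remote_lan("192.168.0.0/24"))
```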

oki thx, the problem was that both connections were on the same subnet. missed that.. thx :)

It works now, :) THX!!!

Another question: Can I set a password to the VPN connection, the shared key must always be in the VPN software, otherwise it will not connect at all. I tried to use the Extended Authentication but then the connection fails.

So if I only want the users to access the Scratch folder in common, can I do this restriction in the WG in some way, or must I make new folders on the server that only has the folders I want the users to get access to?

Shared key is the password for your remote users; please note you cannot use certificates or other authentication method with X55e.

Filtering incoming traffic from users is not possible on WG X55e; it would be good to implement access rules through windows; WG would allow all access to the remote users to the trusted network by default. So, as you thought creating folders with specific shares or assigning users to groups with restrictive permissions would be another way to implement.

WOW, I was reading along. I have an Edge 20e and
my remote users' VPN does work.... Half the time..
Every now and then they get booted and then they wait about 15 mins to half an hour and they can log in again.
I only forwarded ports 1723 and 500 to the server.
I have not touched the VPN on the WG cause I am nervous about my lack of knowledge..
Any chance you could give me a play by play to set up remote access to our SBS with the WG, so that the connection is stable?
